Re: How to use gksu to safely run a non-open-source application?

["Paul Smith" <psmith nortelnetworks com>]

%% Jack Dodds <brmdamon aci on ca> writes:

  jd> Perhaps you know enough about how X works to answer this question:

The internet knows all.

One page I found in about 2 seconds by giving "X windows security" to
Google is:

  http://bau2.uibk.ac.at/matic/ccxsec.htm

  jd> Let us suppose that an application owned by one user - in this
  jd> case "realplay" - is authorized to put a window on the display
  jd> owned by another user - in this case "jack".

Either you can connect to the display, or you cannot.  If you can
connect to the display, you can run any client you like.

  jd> How much information can realplay get from jack's display?
  jd> Obviously if realplay's window "has the focus" then X will send
  jd> keyboard and mouse events to realplay's application.  Is there a
  jd> way that realplay's application can get events (or other
  jd> information) from jack's display when realplay's window DOES NOT
  jd> have the focus?

Absolutely.  A client can get a complete screendump (that's what the
snapshot program does for example), and it can also see every keypress
that goes through the server.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <psmith nortelnetworks com>   HASMAT--HA Software Mthds & Tools
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
-------------------------------------------------------------------------------
   These are my opinions---Nortel Networks takes no responsibility for them.